@retr0:

Add the ca to windows with cert manager to root ca store no need to add it to individual browsers or apps.

This won't work with Firefox/other Mozilla-based browsers, nor with any other (badly designed) app that doesn't use system certificate store.

I was going to setup a squid proxy on another box on the network, but I'd really like to have squid on the same box as the pfSense. This is really the only issue standing in my way. Are there other things I can do to see why the pfSense box would have a slow speed locally?

I have solved in this way: edit /etc/sysctl.conf and add this line:

net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=20

Proxy Server: Traffic Management:Squid Transfer Quick Abort Settings: Finish transfer if more than x % finished

Set this to 95%

No idea. I'm not censoring my internet. :P

I use squid 2.7 and squidguard. After upgrade to 2.2.5 everything is working fine.

If you dont want to reload blacklist after every reboot, just make at least one entry into "target categories".

Oh… i didn't see that the case is closed.

Thanks for the help that is what I need  :)

I think you can put them in the Integrations section.

@Snailkhan:

am i doing something wrong ?  :-\

please help .. also why is the uname command showing dirty ?

Currently no easy way.. Best is probably to create a backup of the whole pfSense configuration from diagnostics\backup-restore to start with.

Before reverting to a old config uninstall the haproxy-devel package so the new binaries are also uninstalled..

Then if you upgrade the package, and dont make much changes. You should be able to revert to a previous config from before upgrading under diagnostics\backup-restore\history.  But that is only possible 30 changes back depending on how much you change after upgrading that might not be enough..

Otherwise if you do make other changes in firewall-rules or other things, and you want to keep those you might want to take another backup and manually 'merge' the old <haproxy>part into the new backup file, and restore that.. p.s. Restoring a full config will reboot pfSense..(a full restore will also re-install all packages automatically iirc..)

After a config is restored make sure to re-install the 1_5 package to get the 1.5 binaries installed again.

Other option is to just re-install the 1_5 package with the upgraded config, it will mostly still work though backend selections acl-names need to be checked.. And when upgrading again in the future it probably wont upgrade as nicely as it would on a first time.. (it automatically changes combined acl's names and creates matching use_backend actions..)

Now i just hope you will find 1.6 working fine :) , and there wont be any need to go back.</haproxy>

Squid's access.log shows the full URL minus any user data.  If you want to see the user data, add the directive strip_query_terms off to your Squid custom settings.  You can find access.log in /var/squid/logs.

This forum is specifically for issues involving DHCP or DNS.  You are asking about Squid.  The better forum to use for such questions is the Cache/Proxy forum.

Which part of fix your FTP server is unclear?

i have installed dansguardian

Try E2guardian when it comes out https://forum.pfsense.org/index.php?topic=87526.0

yeah looks like that fixed it… will make sure to add to my box of tricks. I have 4 of these machines running and they always worked out of the box. but i do have custom whitelists on all of them.

Thank you :)